diff --git a/.controlplane/readme.md b/.controlplane/readme.md index d083073c..8c8c8db4 100644 --- a/.controlplane/readme.md +++ b/.controlplane/readme.md @@ -369,7 +369,7 @@ Review Apps (deployment of apps based on a PR) are done via the generated The review apps work by creating isolated deployments for pull requests through this automated process. When an approved collaborator comments exactly -`/deploy-review-app` on a PR, the action: +`+review-app-deploy` on a PR, the action: 1. Sets up the necessary environment and tools 2. Creates a unique review app if it doesn't exist @@ -377,9 +377,10 @@ this automated process. When an approved collaborator comments exactly 4. Deploys this image to Control Plane with its own isolated environment After the review app exists, new pushes to the PR redeploy it automatically. -Use `/delete-review-app` to delete it manually; closing the PR deletes it -automatically. Pushes to the staging branch deploy staging, and production -promotion is manual from the `cpflow-promote-staging-to-production` workflow. +Use `+review-app-delete` to delete it manually; closing the PR deletes it +automatically. Use `+review-app-help` for the review-app command reference. +Pushes to the staging branch deploy staging, and production promotion is manual +from the `cpflow-promote-staging-to-production` workflow. If staging moves off `master`, update both the `STAGING_APP_BRANCH` repository variable and the `branches:` filter in `.github/workflows/cpflow-deploy-staging.yml`; GitHub does not allow repository variables in trigger branch filters. @@ -432,9 +433,9 @@ bundle exec rubocop Then open a normal PR and let GitHub Actions prove the generated review-app, staging, lint, JS, and RSpec workflows before merging. For review-app workflow changes, test both the local workflow syntax and a real deployment. GitHub runs -`issue_comment` workflows from the default branch, so a `/deploy-review-app` -comment on the PR does not fully exercise slash-command changes that are only on -the PR branch. Before merge, run the PR branch workflow explicitly: +`issue_comment` workflows from the default branch, so a `+review-app-deploy` +comment on the PR does not fully exercise command changes that are only on the +PR branch. Before merge, run the PR branch workflow explicitly: ```bash gh workflow run cpflow-deploy-review-app.yml --ref -f pr_number= diff --git a/.controlplane/shakacode-team.md b/.controlplane/shakacode-team.md index e065db4c..45ac0269 100644 --- a/.controlplane/shakacode-team.md +++ b/.controlplane/shakacode-team.md @@ -5,14 +5,14 @@ Deployments are handled by Control Plane configuration in this repo and GitHub Actions. ### Review Apps -- Add a comment `/deploy-review-app` to any PR to deploy a review app +- Add a comment `+review-app-deploy` to any PR to deploy a review app - The generated app name is `${REVIEW_APP_PREFIX}-${PR_NUMBER}`. Keep `REVIEW_APP_PREFIX` set to `qa-react-webpack-rails-tutorial-pr` so review apps use names like `qa-react-webpack-rails-tutorial-pr-1234`, matching the prefix-backed config in `.controlplane/controlplane.yml`. - New pushes to a PR redeploy only after the review app already exists. -- Add `/delete-review-app` to delete a review app manually; closing the PR also - deletes it automatically. +- Add `+review-app-delete` to delete a review app manually; closing the PR also + deletes it automatically. Use `+review-app-help` for the command reference. ### Staging Environment - **Automatic**: Any merge to the `master` branch automatically deploys to staging diff --git a/.github/actions/cpflow-setup-environment/action.yml b/.github/actions/cpflow-setup-environment/action.yml index cffdf46f..3659559e 100644 --- a/.github/actions/cpflow-setup-environment/action.yml +++ b/.github/actions/cpflow-setup-environment/action.yml @@ -17,13 +17,13 @@ inputs: cpln_cli_version: description: >- @controlplane/cli version. Empty string falls back to the action's pinned default - so callers can pass the repository variable value unconditionally. + so callers can pass `${{ vars.CPLN_CLI_VERSION }}` unconditionally. required: false default: "" cpflow_version: description: >- cpflow gem version. Empty string falls back to the action's pinned default - so callers can pass the repository variable value unconditionally. + so callers can pass `${{ vars.CPFLOW_VERSION }}` unconditionally. required: false default: "" @@ -54,7 +54,7 @@ runs: # Override per-repo by setting `CPLN_CLI_VERSION` / `CPFLOW_VERSION` repo variables; # an empty input falls back to the action's pinned default below. default_cpln_cli_version="3.3.1" - default_cpflow_version="5.0.0.rc.0" + default_cpflow_version="5.0.0.rc.1" CPLN_CLI_VERSION="${CPLN_CLI_VERSION:-${default_cpln_cli_version}}" CPFLOW_VERSION="${CPFLOW_VERSION:-${default_cpflow_version}}" diff --git a/.github/cpflow-help.md b/.github/cpflow-help.md index 09b7d705..dd82ba08 100644 --- a/.github/cpflow-help.md +++ b/.github/cpflow-help.md @@ -1,32 +1,49 @@ -# Control Plane GitHub Flow +# Review app help + +You asked for review app help. These commands are generated by [cpflow](https://github.com/shakacode/control-plane-flow). ## PR commands -`/deploy-review-app` +`+review-app-deploy` - Creates the review app if it does not exist - Builds the PR commit image - Deploys the image and comments with the review URL -- Comment body must be exactly `/deploy-review-app` — no surrounding text, trailing whitespace, or trailing newline. The trigger uses an exact-equality match, so a comment like `please /deploy-review-app now` or `/deploy-review-app ` (with a trailing space) silently no-ops. +- Comment body must be exactly `+review-app-deploy`, with no surrounding text or trailing spaces. A single trailing newline from GitHub's comment editor is accepted. Comments like `please +review-app-deploy now` or `+review-app-deploy ` (with a trailing space) silently no-op. -`/delete-review-app` +`+review-app-delete` - Deletes the review app when the PR is done - This also runs automatically when the PR closes -- Same exact-match rule as `/deploy-review-app`: the comment body must be exactly `/delete-review-app`. +- Comment body must be exactly `+review-app-delete`, with no surrounding text or trailing spaces. A single trailing newline from GitHub's comment editor is accepted. Same command-match rule as `+review-app-deploy`. + +`+review-app-help` +- Posts this message on the PR. +- Comment body must be exactly `+review-app-help`, with no surrounding text or trailing spaces. A single trailing newline from GitHub's comment editor is accepted. Same command-match rule as `+review-app-deploy`. + +## Workflow behavior + +- Review apps are opt-in and created with `+review-app-deploy` +- New commits redeploy existing review apps automatically +- Pushes to the staging branch deploy staging automatically +- Promotion to production is manual via the Actions tab +- A nightly workflow removes stale review apps + +
+Advanced: GitHub Actions secrets and variables -## Repository secrets +### GitHub Actions secrets | Name | Required | Notes | | --- | --- | --- | -| `CPLN_TOKEN_STAGING` | yes | Service-account token scoped to the staging org. | -| `CPLN_TOKEN_PRODUCTION` | yes (for promote) | Service-account token scoped to the production org. | +| `CPLN_TOKEN_STAGING` | yes | Service-account token scoped to the staging Control Plane org on controlplane.com. | +| `CPLN_TOKEN_PRODUCTION` | yes (for promote) | Service-account token scoped to the production Control Plane org on controlplane.com. | | `DOCKER_BUILD_SSH_KEY` | optional | Private SSH key used when Docker builds fetch private deps via `RUN --mount=type=ssh`. | -## Repository variables +### GitHub Actions variables | Name | Required | Notes | | --- | --- | --- | -| `CPLN_ORG_STAGING` | yes | Control Plane org for staging and review apps. | -| `CPLN_ORG_PRODUCTION` | yes (for promote) | Control Plane org for production. | +| `CPLN_ORG_STAGING` | yes | Control Plane org on controlplane.com for staging and review apps. | +| `CPLN_ORG_PRODUCTION` | yes (for promote) | Control Plane org on controlplane.com for production. | | `STAGING_APP_NAME` | yes | App name in `controlplane.yml` used as the staging deploy target. | | `PRODUCTION_APP_NAME` | yes (for promote) | App name in `controlplane.yml` used as the production deploy target. | | `REVIEW_APP_PREFIX` | yes | Prefix for per-PR review app names (e.g. `review-app`). | @@ -35,16 +52,22 @@ | `DOCKER_BUILD_EXTRA_ARGS` | optional | Newline-delimited extra docker build tokens (e.g. `--build-arg=FOO=bar`). | | `DOCKER_BUILD_SSH_KNOWN_HOSTS` | optional | SSH known_hosts entries when SSH build hosts are not GitHub.com. | | `HEALTH_CHECK_ACCEPTED_STATUSES` | optional | Space-separated HTTP statuses considered healthy on promote (default `200 301 302`). | -| `HEALTH_CHECK_RETRIES` / `HEALTH_CHECK_INTERVAL` | optional | Production health polling controls; defaults to `24` retries and `15` seconds. | -| `ROLLBACK_READINESS_RETRIES` / `ROLLBACK_READINESS_INTERVAL` | optional | Post-rollback health polling controls; defaults to `24` retries and `15` seconds. | | `CPLN_CLI_VERSION` | optional | Pin a specific `@controlplane/cli` version; falls back to the action default when unset. | | `CPFLOW_VERSION` | optional | Pin a specific cpflow gem version; falls back to the generated default when unset. | -## Workflow behavior +
-- Review apps are opt-in and created with `/deploy-review-app` -- New commits redeploy existing review apps automatically -- Slash command workflows run from the default branch until merged. Test PR-branch edits with `gh workflow run cpflow-deploy-review-app.yml --ref -f pr_number=`. -- Pushes to the staging branch deploy staging automatically -- Promotion to production is manual via the Actions tab -- A nightly workflow removes stale review apps +
+Advanced: testing changes to generated workflows + +When iterating on the generated workflow YAML on a PR branch, comment-triggered runs (`+review-app-deploy`, `+review-app-delete`, `+review-app-help`) execute the workflow code from the repository's default branch — not your PR branch. To exercise the PR-branch workflow code before merging, dispatch the workflow manually with `gh`: + +```sh +gh workflow run cpflow-deploy-review-app.yml --ref -f pr_number= +gh workflow run cpflow-delete-review-app.yml --ref -f pr_number= +gh workflow run cpflow-help-command.yml --ref -f pr_number= +``` + +`workflow_dispatch` runs use the workflow file from the `--ref` you pass, so this is the supported way to test PR-branch workflow edits before merge. After merge, comment triggers go back to running the default-branch workflow code as usual. + +
diff --git a/.github/workflows/cpflow-cleanup-stale-review-apps.yml b/.github/workflows/cpflow-cleanup-stale-review-apps.yml index be1acd23..7861e672 100644 --- a/.github/workflows/cpflow-cleanup-stale-review-apps.yml +++ b/.github/workflows/cpflow-cleanup-stale-review-apps.yml @@ -48,7 +48,6 @@ jobs: - name: Remove stale review apps env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_STAGING }} REVIEW_APP_PREFIX: ${{ vars.REVIEW_APP_PREFIX }} CPLN_ORG_STAGING: ${{ vars.CPLN_ORG_STAGING }} shell: bash diff --git a/.github/workflows/cpflow-delete-review-app.yml b/.github/workflows/cpflow-delete-review-app.yml index 2d8a9d40..b450a9a2 100644 --- a/.github/workflows/cpflow-delete-review-app.yml +++ b/.github/workflows/cpflow-delete-review-app.yml @@ -14,7 +14,6 @@ on: permissions: contents: read - deployments: write issues: write pull-requests: write @@ -34,7 +33,7 @@ jobs: if: | (github.event_name == 'issue_comment' && github.event.issue.pull_request && - github.event.comment.body == '/delete-review-app' && + contains(fromJson('["+review-app-delete","+review-app-delete\n","+review-app-delete\r\n"]'), github.event.comment.body) && contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) || (github.event_name == 'pull_request_target' && github.event.action == 'closed') || github.event_name == 'workflow_dispatch' @@ -109,43 +108,11 @@ jobs: - name: Delete review app if: steps.config.outputs.ready == 'true' uses: ./.github/actions/cpflow-delete-control-plane-app - env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_STAGING }} with: app_name: ${{ env.APP_NAME }} cpln_org: ${{ vars.CPLN_ORG_STAGING }} review_app_prefix: ${{ vars.REVIEW_APP_PREFIX }} - - name: Mark GitHub deployment inactive - if: steps.config.outputs.ready == 'true' - uses: actions/github-script@v7 - with: - script: | - const environment = `review/${process.env.APP_NAME}`; - const deployments = await github.paginate(github.rest.repos.listDeployments, { - owner: context.repo.owner, - repo: context.repo.repo, - environment, - per_page: 100 - }); - - if (deployments.length === 0) { - core.info(`No GitHub deployments found for ${environment}.`); - return; - } - - for (const deployment of deployments) { - await github.rest.repos.createDeploymentStatus({ - owner: context.repo.owner, - repo: context.repo.repo, - deployment_id: deployment.id, - state: "inactive", - environment, - log_url: process.env.WORKFLOW_URL, - description: "Review app deleted" - }); - } - - name: Finalize delete status if: always() && steps.config.outputs.ready == 'true' uses: actions/github-script@v7 diff --git a/.github/workflows/cpflow-deploy-review-app.yml b/.github/workflows/cpflow-deploy-review-app.yml index d58ead4f..b0515c54 100644 --- a/.github/workflows/cpflow-deploy-review-app.yml +++ b/.github/workflows/cpflow-deploy-review-app.yml @@ -37,7 +37,7 @@ jobs: deploy: # Skip synchronize/opened events from fork PRs at the job level — they cannot access # repository secrets anyway, so running any steps just burns billable minutes. Users - # can still manually deploy a fork PR via `/deploy-review-app` (gated below by + # can still manually deploy a fork PR via `+review-app-deploy` (gated below by # author_association) or workflow_dispatch. if: | (github.event_name == 'pull_request' && @@ -45,7 +45,7 @@ jobs: github.event_name == 'workflow_dispatch' || (github.event_name == 'issue_comment' && github.event.issue.pull_request && - github.event.comment.body == '/deploy-review-app' && + contains(fromJson('["+review-app-deploy","+review-app-deploy\n","+review-app-deploy\r\n"]'), github.event.comment.body) && contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) runs-on: ubuntu-latest timeout-minutes: 45 @@ -61,26 +61,6 @@ jobs: ref: ${{ github.event.repository.default_branch }} persist-credentials: false - - name: Set up Ruby for cpflow bootstrap - if: ${{ hashFiles('.github/actions/cpflow-validate-config/action.yml') == '' }} - uses: ruby/setup-ruby@v1 - with: - ruby-version: "3.4" - - - name: Bootstrap generated cpflow actions - if: ${{ hashFiles('.github/actions/cpflow-validate-config/action.yml') == '' }} - shell: bash - run: | - set -euo pipefail - gem install cpflow -v "5.0.0.rc.0" --no-document - ruby -S cpflow generate-github-actions --staging-branch master - # shellcheck disable=SC2016 - ruby -0pi -e '$_.gsub!(/so callers can pass `\$\{\{ vars\.CPLN_CLI_VERSION \}\}` unconditionally\./, "so callers can pass the repository variable value unconditionally."); $_.gsub!(/so callers can pass `\$\{\{ vars\.CPFLOW_VERSION \}\}` unconditionally\./, "so callers can pass the repository variable value unconditionally.")' .github/actions/cpflow-setup-environment/action.yml - if grep -n '\$''{{ vars\.\(CPLN_CLI_VERSION\|CPFLOW_VERSION\) }}' .github/actions/cpflow-setup-environment/action.yml; then - echo "::error::Bootstrapped cpflow setup action still contains GitHub metadata expressions in input descriptions." - exit 1 - fi - - name: Validate required secrets and variables id: config uses: ./.github/actions/cpflow-validate-config @@ -220,8 +200,6 @@ jobs: if: steps.config.outputs.ready == 'true' && steps.source.outputs.allowed == 'true' id: check-app working-directory: app - env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_STAGING }} shell: bash run: | set -euo pipefail @@ -260,15 +238,13 @@ jobs: run: | { echo "Review app ${APP_NAME} does not exist yet." - echo "Create it with a PR comment that is exactly /deploy-review-app." + echo "Create it with +review-app-deploy as the PR comment body." } >> "$GITHUB_STEP_SUMMARY" - name: Setup review app if it does not exist yet id: setup-review-app if: steps.config.outputs.ready == 'true' && steps.source.outputs.allowed == 'true' && steps.check-app.outputs.exists != 'true' && github.event_name != 'pull_request' working-directory: app - env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_STAGING }} shell: bash run: | set -euo pipefail @@ -355,8 +331,6 @@ jobs: - name: Build Docker image if: steps.config.outputs.ready == 'true' && steps.source.outputs.allowed == 'true' && (steps.check-app.outputs.exists == 'true' || steps.setup-review-app.outcome == 'success') uses: ./.github/actions/cpflow-build-docker-image - env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_STAGING }} with: app_name: ${{ env.APP_NAME }} org: ${{ vars.CPLN_ORG_STAGING }} @@ -397,7 +371,6 @@ jobs: if: steps.config.outputs.ready == 'true' && steps.source.outputs.allowed == 'true' && (steps.check-app.outputs.exists == 'true' || steps.setup-review-app.outcome == 'success') working-directory: app env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_STAGING }} RELEASE_PHASE_FLAG: ${{ steps.release-phase.outputs.flag }} shell: bash run: | @@ -415,8 +388,6 @@ jobs: if: steps.config.outputs.ready == 'true' && steps.source.outputs.allowed == 'true' && (steps.check-app.outputs.exists == 'true' || steps.setup-review-app.outcome == 'success') id: workload working-directory: app - env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_STAGING }} shell: bash run: | set -euo pipefail diff --git a/.github/workflows/cpflow-deploy-staging.yml b/.github/workflows/cpflow-deploy-staging.yml index f9643289..d00e68ea 100644 --- a/.github/workflows/cpflow-deploy-staging.yml +++ b/.github/workflows/cpflow-deploy-staging.yml @@ -8,7 +8,7 @@ on: # deploy branches unless `cpflow generate-github-actions --staging-branch BRANCH` # was used. If STAGING_APP_BRANCH is later changed in repository variables, keep # this list in sync so pushes to that branch actually trigger the workflow. - branches: ["master"] + branches: ["main", "master"] workflow_dispatch: permissions: @@ -17,7 +17,7 @@ permissions: env: APP_NAME: ${{ vars.STAGING_APP_NAME }} CPLN_ORG: ${{ vars.CPLN_ORG_STAGING }} - STAGING_APP_BRANCH: ${{ vars.STAGING_APP_BRANCH || 'master' }} + STAGING_APP_BRANCH: ${{ vars.STAGING_APP_BRANCH }} concurrency: group: cpflow-deploy-staging-${{ github.ref_name }} @@ -56,8 +56,6 @@ jobs: - name: Checkout repository if: steps.check-branch.outputs.is_deployable == 'true' uses: actions/checkout@v4 - with: - persist-credentials: false - name: Validate required secrets and variables if: steps.check-branch.outputs.is_deployable == 'true' @@ -93,8 +91,6 @@ jobs: - name: Build Docker image uses: ./.github/actions/cpflow-build-docker-image - env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_STAGING }} with: app_name: ${{ env.APP_NAME }} org: ${{ vars.CPLN_ORG_STAGING }} @@ -105,7 +101,7 @@ jobs: deploy: needs: [validate-branch, build] - if: needs.validate-branch.outputs.is_deployable == 'true' && needs.build.result == 'success' + if: needs.validate-branch.outputs.is_deployable == 'true' runs-on: ubuntu-latest timeout-minutes: 30 steps: @@ -130,7 +126,6 @@ jobs: - name: Deploy staging image env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_STAGING }} RELEASE_PHASE_FLAG: ${{ steps.release-phase.outputs.flag }} shell: bash run: | diff --git a/.github/workflows/cpflow-help-command.yml b/.github/workflows/cpflow-help-command.yml index 65fc3de6..0818dfb2 100644 --- a/.github/workflows/cpflow-help-command.yml +++ b/.github/workflows/cpflow-help-command.yml @@ -17,10 +17,15 @@ permissions: jobs: help: + # Comment-triggered runs are gated on author_association so only repo + # owners/members/collaborators can invoke them. workflow_dispatch is + # intentionally not gated here: GitHub already restricts manual dispatches + # to users with `actions: write` (write access to the repo), which is a + # stricter bar than COLLABORATOR. if: | (github.event_name == 'issue_comment' && github.event.issue.pull_request && - github.event.comment.body == '/help' && + contains(fromJson('["+review-app-help","+review-app-help\n","+review-app-help\r\n"]'), github.event.comment.body) && contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) || github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest diff --git a/.github/workflows/cpflow-promote-staging-to-production.yml b/.github/workflows/cpflow-promote-staging-to-production.yml index 09bea81f..dc43d401 100644 --- a/.github/workflows/cpflow-promote-staging-to-production.yml +++ b/.github/workflows/cpflow-promote-staging-to-production.yml @@ -16,8 +16,8 @@ env: # Worst-case wall time per attempt is HEALTH_CHECK_INTERVAL plus the curl --max-time below # (10s), so the defaults give a ~10 minute window (24 × (15 + 10) = 600s) — enough for # most Rails cold boots (asset precompile + db:migrate + workload readiness). - HEALTH_CHECK_RETRIES: ${{ vars.HEALTH_CHECK_RETRIES || '24' }} - HEALTH_CHECK_INTERVAL: ${{ vars.HEALTH_CHECK_INTERVAL || '15' }} + HEALTH_CHECK_RETRIES: 24 + HEALTH_CHECK_INTERVAL: 15 # Space-separated list of HTTP statuses considered healthy. The default accepts 301/302 # because `curl` is invoked without `-L`, so a root `/` that redirects to a login page # (common for Rails apps that auth-gate `/`) would otherwise be reported as unhealthy @@ -31,8 +31,8 @@ env: # expose a dedicated health endpoint (e.g. "200" for a plain /health, or "200 401 403" # for apps that auth-gate / without redirecting). HEALTH_CHECK_ACCEPTED_STATUSES: ${{ vars.HEALTH_CHECK_ACCEPTED_STATUSES || '200 301 302' }} - ROLLBACK_READINESS_RETRIES: ${{ vars.ROLLBACK_READINESS_RETRIES || '24' }} - ROLLBACK_READINESS_INTERVAL: ${{ vars.ROLLBACK_READINESS_INTERVAL || '15' }} + ROLLBACK_READINESS_RETRIES: 24 + ROLLBACK_READINESS_INTERVAL: 15 PRIMARY_WORKLOAD: ${{ vars.PRIMARY_WORKLOAD }} concurrency: @@ -162,7 +162,6 @@ jobs: - name: Capture current production image id: capture-current env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_PRODUCTION }} PRODUCTION_APP_NAME: ${{ vars.PRODUCTION_APP_NAME }} CPLN_ORG_PRODUCTION: ${{ vars.CPLN_ORG_PRODUCTION }} WORKLOAD_NAMES: ${{ steps.workloads.outputs.names }} @@ -272,7 +271,6 @@ jobs: - name: Copy image from staging env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_PRODUCTION }} # Pass the upstream token via env rather than `-t` so it doesn't appear in /proc//cmdline. CPLN_UPSTREAM_TOKEN: ${{ secrets.CPLN_TOKEN_STAGING }} PRODUCTION_APP_NAME: ${{ vars.PRODUCTION_APP_NAME }} @@ -285,7 +283,6 @@ jobs: - name: Deploy image to production env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_PRODUCTION }} PRODUCTION_APP_NAME: ${{ vars.PRODUCTION_APP_NAME }} CPLN_ORG_PRODUCTION: ${{ vars.CPLN_ORG_PRODUCTION }} RELEASE_PHASE_FLAG: ${{ steps.release-phase.outputs.flag }} @@ -304,8 +301,6 @@ jobs: - name: Wait for deployment health id: health-check uses: ./.github/actions/cpflow-wait-for-health - env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_PRODUCTION }} with: workload_name: ${{ env.PRIMARY_WORKLOAD || 'rails' }} app_name: ${{ vars.PRODUCTION_APP_NAME }} @@ -317,7 +312,6 @@ jobs: - name: Roll back on failure if: failure() && steps.capture-current.outputs.rollback_state != '' && steps.capture-current.outputs.rollback_state != '{}' env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_PRODUCTION }} ROLLBACK_STATE: ${{ steps.capture-current.outputs.rollback_state }} PRODUCTION_APP_NAME: ${{ vars.PRODUCTION_APP_NAME }} CPLN_ORG_PRODUCTION: ${{ vars.CPLN_ORG_PRODUCTION }} @@ -384,7 +378,6 @@ jobs: - name: Wait for rollback readiness if: failure() && steps.capture-current.outputs.rollback_state != '' && steps.capture-current.outputs.rollback_state != '{}' env: - CPLN_TOKEN: ${{ secrets.CPLN_TOKEN_PRODUCTION }} ROLLBACK_STATE: ${{ steps.capture-current.outputs.rollback_state }} PRODUCTION_APP_NAME: ${{ vars.PRODUCTION_APP_NAME }} CPLN_ORG_PRODUCTION: ${{ vars.CPLN_ORG_PRODUCTION }} diff --git a/.github/workflows/cpflow-review-app-help.yml b/.github/workflows/cpflow-review-app-help.yml index 1b35b65e..74626217 100644 --- a/.github/workflows/cpflow-review-app-help.yml +++ b/.github/workflows/cpflow-review-app-help.yml @@ -26,16 +26,15 @@ jobs: with: script: | const body = [ - "# Control Plane review app commands", + "# Review app commands", "", - "`/deploy-review-app`", - "Create the review app or redeploy the PR branch to it.", + "Repo owners, members, and collaborators can use these commands:", "", - "`/delete-review-app`", - "Delete the review app and its temporary resources.", + "- `+review-app-deploy` - create or redeploy this PR's review app.", + "- `+review-app-delete` - delete this PR's review app and temporary resources.", + "- `+review-app-help` - show setup details and workflow behavior.", "", - "`/help`", - "Show the required GitHub variables, secrets, and workflow behavior." + "For setup details, repo owners, members, and collaborators can comment `+review-app-help`." ].join("\n"); await github.rest.issues.createComment({ diff --git a/Gemfile.lock b/Gemfile.lock index da8af380..5da8da71 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -154,6 +154,7 @@ GEM factory_bot_rails (6.4.3) factory_bot (~> 6.4) railties (>= 5.0.0) + ffi (1.17.2-aarch64-linux-gnu) ffi (1.17.2-arm64-darwin) ffi (1.17.2-x86_64-linux-gnu) fiber-annotation (0.2.0) @@ -220,6 +221,8 @@ GEM net-smtp (0.5.1) net-protocol nio4r (2.7.5) + nokogiri (1.19.1-aarch64-linux-gnu) + racc (~> 1.4) nokogiri (1.19.1-arm64-darwin) racc (~> 1.4) nokogiri (1.19.1-x86_64-linux-gnu) @@ -449,6 +452,7 @@ GEM mize tins (~> 1.0) thor (1.5.0) + thruster (0.1.16-aarch64-linux) thruster (0.1.16-arm64-darwin) thruster (0.1.16-x86_64-linux) tilt (2.4.0) @@ -486,6 +490,7 @@ GEM zeitwerk (2.7.5) PLATFORMS + aarch64-linux arm64-darwin arm64-darwin-22 x86_64-linux diff --git a/app/views/pages/_header.html.erb b/app/views/pages/_header.html.erb index 398ef548..894be15d 100644 --- a/app/views/pages/_header.html.erb +++ b/app/views/pages/_header.html.erb @@ -30,7 +30,7 @@ class: "rounded-3xl border border-slate-200 bg-slate-50/80 p-5 transition hover:-translate-y-0.5 hover:border-sky-300 hover:bg-white hover:no-underline hover:shadow-lg hover:shadow-sky-100" do %>

Review Apps

Quick PR Commands

-

Keep /deploy-review-app, /delete-review-app, and /help close.

+

Keep +review-app-deploy, +review-app-delete, and +review-app-help close.

<% end %> <%= link_to "https://github.com/shakacode/react-webpack-rails-tutorial/blob/master/README.md", diff --git a/app/views/pages/index.html.erb b/app/views/pages/index.html.erb index 105f37a8..d5840466 100644 --- a/app/views/pages/index.html.erb +++ b/app/views/pages/index.html.erb @@ -96,15 +96,15 @@

Quick Review App Commands

-

/deploy-review-app

+

+review-app-deploy

Build and deploy your PR branch for testing.

-

/delete-review-app

+

+review-app-delete

Remove the review app when done.

-

/help

+

+review-app-help

Show detailed instructions, environment setup, and configuration options.